Mercurial > p > roundup > code

view share/roundup/templates/devel/html/query.js @ 8365:4ac0bbb3e440

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug(security): CVE-2025-53865 - XSS bug Extensive fixes in devel, responsive templates known to be exploitable. Similar constructs in classic and minimal templates not known to be exploitable, but changed anyway. doc/upgrading.txt: Reformat to 66 characters. Update with assigned CVE number. Add section on fixing tal:replace with unsafe data. Document analysis and assumptions in comment in file. doc/security.txt: Update with CVE number.
author John Rouillard <rouilj@ieee.org>
date Fri, 11 Jul 2025 19:30:27 -0400
parents 04264349c483
children
line wrap: on
line source

var action;

function display(data)
{
  var list = $("div.list");
  list.empty();
  list.append(data);
}

// Run a query with a specific starting point and size
function query_start(start, size)
{
  var inputs = $(":input");
  var data = {}
  if (start > 0) data['@startwith'] = start
  if (size > -1) data['@pagesize'] = size
  for (var i = 0; i < inputs.length; i++)
    data[inputs[i].name] = inputs[i].value;
  jQuery.get(action, data, display);
  return false;
}

// Run a query, starting at the first element
function query()
{
  return query_start(0, -1)
}

// Deactivate the form's submit action, and instead
// invoke the action as part of (inline) query.
function replace_submit()
{
  var form = $("form");
  action = form.attr("action");
  form.attr("action",""); // reset
  form.submit(query);
}


$(document).ready(replace_submit);
Roundup Issue Tracker: http://roundup-tracker.org/